Wireshark (Network Security)

My favorite tool lately has been Wireshark. Out of curiosity, I decided to compare Wireshark with Microsoft Message Analyzer.

Microsoft Message Analyzer is a new tool for capturing, displaying, and analyzing protocol messaging traffic, events, and other system or application messages in network troubleshooting and other diagnostic scenarios. Message Analyzer also enables you to load, aggregate, and analyze data from log and saved trace files. It is the successor to Microsoft Network Monitor 3.4 and is a key component in the Protocol Engineering Framework (PEF) that was created by Microsoft to improve protocol design, development, implementation testing and verification, documentation, and support (technet.microsoft.com, 2017).

Some highlights from my findings are:

Microsoft Message Analyzer

Microsoft Message Analyzer not only captures live traffic and reads existing captures, but also analyzes information from Windows event logs, .log files, PowerShell, SQL, and Azure.

Captured “messages” are the packets or frames.

There is an easy-to-read GUI.

Can capture from a remote computer or from multiple machines at the same time.

Can decrypt the data if you import the server's SSL certificate, or by capturing at the Windows Firewall level or at the application level, where the data is seen before it is encrypted by HTTPS.

Can open panels of information side by side for a better understanding of the system.

Wireshark

Capture files compressed with gzip can be decompressed on the fly.

Decryption support for many protocols, including IPsec, ISAKMP, Kerberos, SNMPv3, SSL/TLS, WEP, and WPA/WPA2.

(Wireshark.org, 2017).
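To make the "decompressed on the fly" item concrete, here is an added example (my own code, not Wireshark's or Message Analyzer's) of a small classic-pcap reader that sniffs the gzip magic bytes, wraps the stream in a decompressor only when they are present, and then parses the global header and per-record headers the same way for both the plain and the compressed file. The sample capture, its addresses, ports and timestamp are all constructed in memory, and the snaplen sanity check is this reader's own choice rather than a documented Wireshark rule.

```python
"""Parse a classic libpcap capture, decompressing it on the fly if it is gzip-compressed.

Added example (not Wireshark's or Message Analyzer's code). The reader checks for the
gzip magic bytes (1f 8b), wraps the stream in gzip.GzipFile when they are present, and
then parses the 24-byte pcap global header and 16-byte record headers. The sample
capture is constructed in memory so the script runs offline.
"""
import gzip
import io
import struct
from typing import BinaryIO, Dict, List

GZIP_MAGIC = b"\x1f\x8b"
# pcap magic numbers as seen when the first four bytes are read little-endian.
MAGIC_LE_USEC, MAGIC_LE_NSEC = 0xA1B2C3D4, 0xA1B23C4D  # written by a little-endian host
MAGIC_BE_USEC, MAGIC_BE_NSEC = 0xD4C3B2A1, 0x4D3CB2A1  # written by a big-endian host


def open_maybe_gzip(raw: bytes) -> BinaryIO:
    """Return a readable stream, transparently decompressing gzip input."""
    stream = io.BytesIO(raw)
    if raw[:2] == GZIP_MAGIC:
        return gzip.GzipFile(fileobj=stream, mode="rb")
    return stream


def _read_exact(fh: BinaryIO, n: int, what: str) -> bytes:
    buf = fh.read(n)
    if len(buf) != n:
        raise ValueError(f"truncated capture: expected {n} bytes for {what}, got {len(buf)}")
    return buf


def parse_pcap(raw: bytes) -> Dict:
    """Parse a (possibly gzip-compressed) pcap blob into header fields and records."""
    fh = open_maybe_gzip(raw)
    header = _read_exact(fh, 24, "global header")
    magic = struct.unpack("<I", header[:4])[0]
    if magic in (MAGIC_LE_USEC, MAGIC_LE_NSEC):
        endian = "<"
    elif magic in (MAGIC_BE_USEC, MAGIC_BE_NSEC):
        endian = ">"
    else:
        raise ValueError(f"not a pcap file: magic {magic:#010x}")
    nanos = magic in (MAGIC_LE_NSEC, MAGIC_BE_NSEC)
    ver_major, ver_minor, _thiszone, _sigfigs, snaplen, linktype = struct.unpack(
        endian + "HHiIII", header[4:24]
    )

    records: List[Dict] = []
    while True:
        rec_hdr = fh.read(16)
        if not rec_hdr:  # clean end of file
            break
        if len(rec_hdr) != 16:
            raise ValueError("truncated capture: partial record header")
        ts_sec, ts_frac, incl_len, orig_len = struct.unpack(endian + "IIII", rec_hdr)
        # This reader's own sanity check (an assumption, not a Wireshark rule): a record
        # claiming more captured bytes than the snapshot length is treated as malformed,
        # so a corrupt or hostile file cannot make the reader trust an absurd length.
        if incl_len > snaplen:
            raise ValueError(f"record {len(records)}: incl_len {incl_len} exceeds snaplen {snaplen}")
        data = _read_exact(fh, incl_len, f"record {len(records)} data")
        records.append({
            "ts_sec": ts_sec, "ts_frac": ts_frac,
            "timestamp": ts_sec + ts_frac / (1e9 if nanos else 1e6),
            "incl_len": incl_len, "orig_len": orig_len, "data": data,
        })
    return {"version": (ver_major, ver_minor), "snaplen": snaplen,
            "linktype": linktype, "nanos": nanos, "records": records}


def build_sample_pcap(endian: str = "<") -> bytes:
    """Constructed sample: one 42-byte Ethernet/IPv4/UDP frame in a pcap as written by a
    little-endian ("<") or big-endian (">") host. MACs, IPs and ports are made up."""
    frame = bytes.fromhex(
        "ffffffffffff" "0a0b0c0d0e0f" "0800"        # Ethernet: broadcast dst, src MAC, IPv4
        "4500001c00004000401100000a0000010a0000ff"  # IPv4: 10.0.0.1 -> 10.0.0.255, UDP, cksum 0
        "0035003500080000"                          # UDP: port 53 -> 53, length 8, cksum 0
    )
    magic_bytes = struct.pack(endian + "I", 0xA1B2C3D4)
    global_hdr = magic_bytes + struct.pack(endian + "HHiIII", 2, 4, 0, 0, 65535, 1)  # linktype 1 = Ethernet
    rec_hdr = struct.pack(endian + "IIII", 1_500_000_000, 123_456, len(frame), len(frame))
    return global_hdr + rec_hdr + frame


def roundtrip_matches(raw: bytes) -> bool:
    """True if gzip-compressing the capture does not change what the parser sees."""
    return parse_pcap(gzip.compress(raw)) == parse_pcap(raw)


if __name__ == "__main__":
    plain = build_sample_pcap()
    for label, blob in (("plain", plain), ("gzip", gzip.compress(plain))):
        cap = parse_pcap(blob)
        print(label, "linktype", cap["linktype"],
              [(r["ts_sec"], r["incl_len"]) for r in cap["records"]])
```

The point of the magic-number checks is that the decompression decision and the byte-order decision are both made from the first bytes of the stream, so the record loop never needs to know whether the file on disk was compressed; that is the same transparency Wireshark offers when it opens a .pcap.gz directly.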

Wireshark has been around for a long time and is well known in the industry. any system. Microsoft Message Analyzer seems to be an overall good tool to have and add to the mix; maybe not the only one, but a good one to use in addition to the others.